exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2000-03-16 to 2000-03-17

ISS Security Advisory March 14, 2000
Posted Mar 16, 2000
Site xforce.iss.net

Internet Security Systems (ISS) has identified a vulnerability in the encryption used to conceal the password and login ID of a registered SQL Server user in Enterprise Manager for Microsoft SQL Server 7.0. When registering a new SQL Server in the Enterprise Manager or editing the SQL Server registration properties, the login name that will be used by the Enterprise Manager for the connection must be specified. If a SQL Server login name is used instead of a Widows Domain user name and the Always prompt for login name and password checkbox is not set, the login ID and password are weakly encrypted and stored in the registry.

tags | registry
SHA-256 | a9b3ac0aadd5b79df35825305233bd3833e09c5e6281fa3a3dce365b9a84405f
freebsd.sa-00.09.lynx
Posted Mar 16, 2000
Site freebsd.org

FreeBSD Security Advisory - The lynx software is written in a very insecure style and contains numerous potential and several proven security vulnerabilities exploitable by a malicious server. No simple fix is available until a full review of lynx is done.

tags | vulnerability
systems | freebsd
SHA-256 | ee8b62ac9ab7a8179bc42cc09712b8e7817b09093530e567609345f0b14ce232
freebsd.sa-00.09.mtr
Posted Mar 16, 2000
Site freebsd.org

FreeBSD Security Advisory - mtr, from the ports collection, fails to correctly drop setuid root privileges during operation, allowing a local root compromise.

tags | local, root
systems | freebsd
SHA-256 | 8e19eda3761418bf2a9a006b9011dafdce46efc1bcc91af567dfa0ded91fa3e7
freebsd.sa-00.10.orville
Posted Mar 16, 2000
Site freebsd.org

FreeBSD Security Advisory - Orville-write, provided in the ports collection, is a replacement for the write command, which provides improved control over message delivery and other features. One of the commands installed by the port is incorrectly installed with setuid root permissions. The 'huh' command should not have any special privileges since it is intended to be run by the local user to view his saved messages.

tags | local, root
systems | freebsd
SHA-256 | 2d6eed934594abf84b3866ecd8ebab81463e892b159c8f133135e4e089337e86
suse.imap.txt
Posted Mar 16, 2000

SuSE Security Advisory - A security hole was discovered in the SuSE IMAP server which allows remote attackers to receive imap administrator privilige which can be used e.g. to create or delete folders. This is unrelated to the SuSE linux distribution, which is unaffected. SuSE security site here.

tags | remote, imap
systems | linux, suse
SHA-256 | 70f7eaca71bd1b6e0f93aeb55fc676996c8bcf24b496476f3b61cbf476fb6f90
labs36.htm
Posted Mar 16, 2000
Site ussrback.com

USSR Advisory #36 - Remote / local dos attack in MERCUR WebView WebMail-Client 1.0 for Windows 98/NT. UssrLabs found a buffer overflow in MERCUR WebView WebMail-Client 1.0 (port 1080) where they do not use proper bounds checking in the code who handle the GET commands The following all result in a Denial of Service against the service in question.

tags | remote, denial of service, overflow, local
systems | windows
SHA-256 | 6c1b15e1a3945061e371fadaa138e784299cc28aea9b271df508ffefbdcb4f30
labs35.htm
Posted Mar 16, 2000
Site ussrback.com

USSR Advisory #35 - Remote / local dos overflow attack in MERCUR v3.2* Mail server, pop server, and imap server for Windows.

tags | remote, overflow, local, imap
systems | windows
SHA-256 | bc50ab174effe6cc371148796eba9cfd01035cb4c4caf8c073146c2acef6a2f4
ip-fil3.3.12.tar.gz
Posted Mar 16, 2000
Authored by Darren Reed | Site coombs.anu.edu.au

IP Filter is a TCP/IP packet filter suitable for use in a firewall environment. To use, it can either be run as a loadable kernel module (recommended) or incorporated into your UNIX kernel. Scripts are provided to install and patch system files as required.

Changes: Code to address the FTP proxy problem currently being talked about on bugtraq, and the current kernel proxy has been "beefed up".
tags | tool, kernel, tcp, firewall
systems | unix
SHA-256 | d4f869816a3514d631aad96bbe48046ec74417ab1b663174ce1616ccf2cf10eb
Bastille-1.0.4.pre1.tar.gz
Posted Mar 16, 2000
Authored by Jay Beale | Site bastille-linux.org

Bastille Linux aims to be the most comprehensive, flexible, and educational Security Hardening Program for Red Hat Linux 6.0/6.1. Virtually every task it performs is optional, providing immense flexibility. It educates the installing admin regarding the topic at hand before asking any question. The interactive nature allows the program to be more thorough when securing, while the educational component produces an admin who is less likely to compromise the increased security.

Changes: Redid user interface, use of ssh when downloading, and small bugfixes.
systems | linux, redhat
SHA-256 | 211dc351110ec89d4510429f555f8005d24075e72299f0aada4d1995aad0f190
zipcracker-0.1.1.tar.gz
Posted Mar 16, 2000
Authored by Jonas Borgstrom | Site zipcracker.sourceforge.net

Zipcracker for linux cracks password protected zip archives with brute force.

Changes: BeoWulf (PVM) support and a Swedish translation.
tags | cracker
systems | linux
SHA-256 | 368c0ce052fd35038ffeb6f947ef94f10e0303574ccae50278d5428233eeaf9f
crypto-gram-0003.txt
Posted Mar 16, 2000
Authored by Bruce Schneier, crypto-gram | Site counterpane.com

CRYPTO-GRAM March 15, 2000. In this issue: Kerberos and Windows 2000, AES News, Counterpane Internet Security News, Software as a Burglary Tool, The Doghouse: The Virginia Legislature, Software Complexity and Security, Comments from Readers.

tags | cryptography, magazine
systems | windows
SHA-256 | cc8d54b0047cdd3d3665e525c99e57b83b3d15f74dcacb134652b1e298d5551f
urlsnuff.c
Posted Mar 16, 2000
Authored by Obecian | Site celerity.bartoli.org

Urlsnuff is a urlsniff dos attack. If urlsniff sees this malformed combination of HTTP Requests.

tags | web, denial of service
SHA-256 | 4899b441032bc837dfa3f7eb710e22b3ebaa52024993606408fe14da05fc4ae3
hellkit-1.2.tar.gz
Posted Mar 16, 2000
Authored by teso, stealth | Site team-teso.net

Hellkit is a shellcode generator. You write the your shellcode in C, and it gets converted to ASM for use with both heap and stack based overflows. Many examples included.

Changes: Added generic shellcode decoder which can handle shellcode up to 64kb in length containing any bytes, added encoder for this type of decoder, and fixed some signedness issues in array accessment.
tags | overflow, shellcode
SHA-256 | 4de0a0428ffc7564260f6144a3a67a196db6c7af7dba15d6564be3207bbc83ca
adv7.tar.gz
Posted Mar 16, 2000
Authored by teso, S. Krahmer | Site cs.uni-potsdam.de

TESO Security Advisory - A vulnerability within the kreatecd application for Linux has been discovered. An attacker can gain local root-access. Exploit included.

tags | local, root
systems | linux
SHA-256 | 6b75b08c163190a2f48460df04026108041a65be6542f340bc2ebbebc83a7a66
adv6.tar.gz
Posted Mar 16, 2000
Authored by teso, S. Krahmer | Site cs.uni-potsdam.de

TESO Security Advisory - A vulnerability within the imwheel application for Linux has been discovered. Some of these packages are shipped with an suid-root wrapper-script that invokes the insecure program 'imwheel' with UID 0. Exploit included.

tags | root
systems | linux
SHA-256 | ce2cf3b23cb544a222d43c6fcfc4168a3bd18450577b959771583ecb4a486ae2
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close